Despite huge amounts of money spent on network defence, organizations are still lagging in the time it takes to detect breaches, according to Verizon Communications’ annual data breach report.
Tuesday’s report, which compiles information from a number of security vendors, service providers and governments around the world, is one of the most comprehensive looks at cyber crime trends.
Among the findings is that in 60 per cent of reported cases, attackers last year were able to compromise an organization within minutes.
“Unfortunately, the proportion of breaches discovered within days still falls well below that of time to compromise,” the report says. “Even worse, the two lines are diverging over the last decade, indicating a growing ‘detection deficit’ between attackers and defenders. We think it highlights one of the primary challenges to the security industry.”
“If you’re desperate for good news,” it adds, “you’ll be happy to see that 2014 boasts the smallest deficit ever recorded and the trend lines appear a bit more parallel than divergent. We’ll see if that’s a trick or a budding trend next year.”
On the other hand, figures from 100,000 organizations showed that half of them experienced 35 or fewer days of caught malware events during an entire calendar year. That is after controls like firewalls, intrusion detection systems (IDS)/intrusion prevention systems (IPS) and spam filters had already reduced the raw stream of malware.
The sometimes cheeky report tries to spot trends from reported incidents from its many contributors, but can’t quite claim to be scientific: For example, it notes that last year’s report included incidents in 95 countries, but only 61 this year. That should not be interpreted as meaning 34 countries were incident-free, it warns.
Among the trends:
– Incidents vs breaches: There’s a trend that still holds: the biggest percentage of the overall number of security incidents is related to what are called “miscellaneous errors” (29 per cent), followed by crimeware (25 per cent), insider misuse (20 per cent) and physical theft/loss (15 per cent).
Despite the headlines, cyber espionage, POS intrusions and payment card skimmers each account for less than one per cent. In other words, most are people-related.
That may suggest threats are more manageable than pessimists believe.
On the other hand, POS intrusions did make up the largest share of last year’s confirmed data breaches (28.5 per cent), followed by crimeware (almost 19 per cent) and cyber espionage (18 per cent) among 1,598 breaches.